7 if the entity is likely to disclose personal

This preview shows page 6 - 9 out of 16 pages.

7. If the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy : Due to DataTrust’s national level programs, international or oversees recipients are non-applicable and are not mentioned within their personal privacy policies. Document title: ICTICT418_AE_Kn_1of2 Page 6 of 16 Resource ID: TBS_18_028_ICTICT418_AE_Kn_1of2 STUDENT NAME: Annika Sanker
b. Compare DataTrust’s Privacy Policy with the Privacy Act, in particular the Australian Privacy Principles (APP) and the Notifiable Data Breaches scheme (NDB), to check whether they’re covered in the privacy policy. Record your answers for these questions in the following table: i. In the column ‘Privacy policy reference’, list the sentence or paragraph from the privacy policy that addresses the requirement. If it isn’t addressed, either partially or at all, note this. ii. In the column ‘Privacy Act/NDB’, list the part of the Privacy Act that covers each requirement description. Requirements Privacy policy reference Privacy Act/ NDB The kinds of personal information that the entity collects and holds DataTrust only collects data that is relevant to our business dealings. This includes resumes, contact names, business addresses, email and internet addresses, telephone and fax numbers. DataTrust does collect and store the financial records of our dealings with clients, sub-contractors and suppliers. DataTrust does collect financial information relating to credit references with regards to our clients and subcontractors. We do not collect personal or sensitive data regarding any employee or owner of any sub-contractor or client, unless this is specifically related to a work practice. DataTrust collects and stores sensitive and personal information regarding employees. This includes addresses, telephone numbers, next of kin, employment references, financial details and police histories. APP3 - If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities. How the entity collects and holds personal information DataTrust keeps records for a period of one full year in “active service”. Any paper-based records are stored in locked filing cabinets at our head office DataTrust archives all legally required records after a period of one year. These are stored at our head office for a period of not less than seven years. DataTrust stores all data related to clients or sub-contractors and APP 3 Document title: ICTICT418_AE_Kn_1of2 Page 7 of 16 Resource ID: TBS_18_028_ICTICT418_AE_Kn_1of2 STUDENT NAME: Annika Sanker
employees in an electronic database.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture